WASHINGTON--(BUSINESS WIRE)--Promontory Financial Group today announced it has launched a new
Web-based tool to assist companies in using a new cybersecurity
framework released by the National Institute of Standards and Technology.

The NIST developed the “Framework for Improving Critical Infrastructure
Cybersecurity” as directed in a February 2013 executive order that
called for a voluntary, risk-based framework incorporating
industry-leading practices and standards. Supervisors are likely to draw
upon the framework when conducting examinations and updating their
examination procedures. It is widely expected to become a critical
component of any rigorous cybersecurity program in both financial and
nonfinancial institutions.

"Many firms with high-performing cyberrisk management functions are
already using elements of the framework internally,” said Earl Crane, a
senior principal at Promontory. “However, they are now starting to use
the framework to communicate their requirements and hold accountable
their vendors, third-party service providers, and outsourced operations.”

The flexible, Web-based Cyberrisk Assessment Tool allows financial
institutions to identify, manage, and report on cybersecurity risk,
consistent with existing regulatory frameworks. The software, designed
by industry experts and former compliance examiners, can be used to
guide a company as it uses the NIST framework to improve its cyberrisk
management programs and assess the cybersecurity of third parties.

“Regulators have recently noted the potential for third-party vendors to
represent a weak link in an institution’s overall information-security
system,” Crane said. “We believe this is the first tool to use the
framework to manage vendor cyberrisk and reduce third-party risk
exposure.”

“While the NIST cybersecurity framework is voluntary, it is emerging as
one of the most important blueprints for cyberrisk management in
regulated and nonregulated companies,” said Michael Dawson, a managing
director at Promontory. “This tool helps companies use the framework in
a robust, well-documented, and user-friendly way.”

About Promontory

Promontory Financial Group, headquartered in Washington, D.C., is the
world’s foremost expert in financial risk, regulation, and compliance.
The firm helps companies and governments around the world manage complex
risk and meet their greatest regulatory challenges, thereby making its
clients stronger and the financial system safer for consumers.
Promontory has offices in New York, San Francisco, Atlanta, and Denver,
and affiliate offices in Brussels, Dubai, Hong Kong, London, Milan,
Paris, Singapore, Sydney, Tokyo, and Toronto. Eugene A. Ludwig, who
served as U.S. comptroller of the currency under President Bill Clinton,
founded Promontory in 2001.